Government Taps the Power of Cloud Computing

The Federal government is using cloud computing and finding it can meet its security and scalability needs. Security and privacy concerns often present a strong barrier-to-entry and federal government CIOs need to find ways to secure their investments in the cloud.

Bruce Hart is the Chief Operating Officer of Terremark Federal Group which provides government agencies with a complete suite of managed infrastructure services for mission-critical federal applications, including cloud computing, colocation, network services, managed hosting and security services.

BRUCE HART
Terremark

Since taking office, the Obama administration has pushed the Federal government to improve efficiency in its IT systems and provide citizens with greater transparency through the use of innovative technology. Following this mandate, Federal CIO Vivek Kundra has recently promoted virtualizing and consolidating data centers and operations, and ultimately shifting government IT to a cloud-computing business model. This has led major governmental agencies to identify projects and IT operations that can benefit from moving to the cloud.

Until now, security concerns over physical access, information protection, privacy and control of the information impacted the way governmental agencies have built their infrastructure. However, increasingly high costs with few or no economies of scale and the inability of several agencies to share or aggregate information across departments in a timely manner are causing real problems. As a result, the government's ability to respond to the needs of the public, while effectively protecting its infrastructure from 21st century threats, such as techno-terrorism and cyber-security attacks, are being affected.

The President's Memorandum on Transparency and Open Government, issued on January 21, 2009, has been a step in the right direction, requiring agencies to develop public-facing web sites and post up-to-date information to support federal transparency, participation and collaboration goals. The memorandum has also set aggressive timelines for meeting these goals, instructing agencies to take prompt steps by making information available online in open formats that can be easily retrieved, downloaded, indexed, and searched by commonly used web search applications. However, creating public-facing web sites and converting stored data to user-friendly formats poses significant IT infrastructure and security challenges.

Can Cloud Computing Meet These New Infrastructure Demands?
With agencies having traditionally deployed and managed their own IT infrastructure, most intra-agency information was held captive by the constraints of security and compliance concerns. Cloud computing represents a fundamental change in managing and delivering information, because the information owners and users no longer need to work directly with the supporting physical infrastructure to benefit from the services and information it delivers.

By enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction, cloud computing offers a number of marked advantages to agencies seeking to meet these new open government requirements and make more effective, collaborative use of their data.

Is There a Model to Increase Scalability while Reducing Infrastructure Costs?
Making agency data publicly accessible or available to other departments for collaborative action means that government CIOs will face a common challenge: how to support unpredictable usage peaks and patterns as interaction that is not easily modeled ebbs and flows. Traffic increases dramatically and performance degrades, when highly anticipated statistics are released, during times of natural disasters or other crises or at peak reporting times. As a growing volume of data is made public or otherwise shared, traditional infrastructure cannot scale to support surge requirements or the real-time responsiveness required. Building extra capacity into the infrastructure to accommodate usage peaks results in idle capacity and is not a cost-effective strategy.

Cloud computing revolutionizes infrastructure cost and scalability decisions. First, IT decision-makers can leverage a massively scalable, shared virtualized infrastructure to avoid capital expenditures and reduce operating expenses. Agencies don't have to gain approval for large capital expenditures, and can avoid the costs of hardware, software, salaries for specialized IT resources, training and ongoing support. Cloud computing also enables granular scalability, scaling up and down as needed to deliver guaranteed resources on demand.

If traffic volume spikes, additional capacity can be immediately enabled, either directly via a provisioning interface or programmatically via the use of application programming interfaces (APIs). And those resources can be retired just as easily after the event. With dynamic access to capacity on demand, agencies are not faced with building an infrastructure sized to accommodate usage peaks. And as an added benefit, agencies need only to pay for what they use, improving asset utilization and simplifying financial decision-making.

Ensuring Security and Compliance on The Cloud
Security and privacy concerns often present a strong barrier-to-entry and federal government CIOs need to find ways to secure their investments in the cloud. Key in this effort is the ability to balance mandated, broader access to their data with the need to secure the content of their information and to comply with various federal protocols for IT systems security. Commercial cloud infrastructure, like traditional IT infrastructure, can and must be audited and certified for a range of requirements under federal protocols.

Multi-layer security services can be delivered through the cloud to defend websites, applications and data from malicious attacks, and cloud computing providers should employ these services while enabling agencies to acquire the appropriate level of risk protection. A service provider's cloud computing infrastructure should also provide highly experienced, certified professionals, who are deeply familiar with government security requirements and can audit and certify an agency's cloud infrastructure.

Advanced, managed security services should also be delivered through the cloud to fully protect mission-critical data and services. Service providers should be able to deliver services that will address federal best practices for a range of requirements, including logging, information security management, application firewalls, two-factor authentication, full packet analysis and vulnerability management. Providers must also be able to help agencies prepare and undergo required certifications and accreditations for cloud infrastructure, including conducting assessments and audits to ensure standards are met, as well as working with agency security and IT teams to enact policy for standards. Overall, the economies of cloud computing permit agencies to redirect resources toward even more stringent security provisions than they might have enjoyed before.

A Success Story: USA.gov and Data.gov in The Cloud
Today, the use of cloud computing services by agencies is poised for rapid gains, as seen in the case of USA.gov and Data.gov, which can now better benefit the public through the massive amounts of government-held information they offer. With an initial goal to cut down the cost of managing these sites by 50 percent, the General Services Administration (GSA) turned to Terremark's Enterprise Cloud infrastructure to provide hosting, storage and disaster recovery services for the web portal that serves as the primary source of information about U.S. federal, state and local government services, such as grant instructions, consumer guides, health and nutrition updates, tax forms, voter registration, student financial aid and critical national disaster information. USA.gov had previously been deployed in-house and used a virtualized approach. It migrated to a service provider cloud infrastructure within 10 days.

Now USA.gov can maintain a small persistent footprint and deploy on-demand scaling as traffic fluctuates. When traffic is at normal levels, the GSA pays only a contracted baseline fee, but it can seamlessly accommodate volume spikes when needed. Migration to the cloud has enabled GSA to avoid paying for idle server time without compromising its ability to deliver real-time performance for users.

As Federal CIO Vivek Kundra has repeatedly said publicly, the GSA reduced annual costs for this service from $2.5 million to $800,000 by moving it to cloud technology. This agile computing infrastructure allows GSA to deploy upgrades to USA.gov in 24 hours instead of the six months that would otherwise be required in a traditional infrastructure model.

In addition, the enterprise-class security that cloud providers are building into their cloud offerings allows for services to be audited and certified to meet government and agency-specific requirements.

Does Cloud Computing Work for All?
Today, there is no better model to help organizations improve IT efficiencies, reduce operating costs, and ensure data security at a minimum risk. Agencies considering a cloud computing solution can benefit from adopting a service with the same characteristics as the USA.gov and Data.gov cloud computing solutions. To be successful though, it is critical for both the cloud computing service providers and government users to understand the drivers and challenges in federal, state and local government market, identify the areas that cloud computing can bring the most IT efficiencies, and raise the levels of awareness and trust in the model.